Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Matthew Garrett
Date: Wed Feb 13 2013 - 13:51:44 EST
On Wed, 2013-02-13 at 10:44 -0800, H. Peter Anvin wrote:
> So people have piggybacked complete inappropriate junk onto
> CAP_SYS_RAWIO. Great. What the hell do we do now? We can't break
> apart CAP_SYS_RAWIO because we don't have hierarchical capabilities.
Yeah. Like I said, it's approximately useless.
> We thus have a bunch of unpalatable choices, **all of which are wrong**.
> This, incidentally, is *exactly* the reason I object to
> CAP_COMPROMISE_KERNEL as well... it describes a usage model, not a resource.
Like I said, I'm not wed to a capability-based model. However, it does
seem marginally more attractive than sprinkling if (!secure_boot) all
over the place. If anyone has alternatives, this would be a great time
to raise them.
Matthew Garrett | mjg59@xxxxxxxxxxxxx